Press Release

America’s JobLink (AJL) Data Incident

TOPEKA, Kan., March 22, 2017 – America’s JobLink (AJL), a multi-state web-based system that links job seekers with employers, has been the victim of a hacking incident from an outside source. AJL is developed and maintained by America’s Job Link Alliance–Technical Support (AJLA–TS). AJLA–TS has been in business for almost 50 years; this is the first known intrusion AJLA–TS has experienced.

On March 21st, AJLA–TS confirmed that a malicious third party “hacker” exploited a vulnerability in the AJL application code to view the names, Social Security Numbers, and dates of birth of job seekers in the AJL systems of up to ten states: Alabama, Arizona, Arkansas, Delaware, Idaho, Illinois, Kansas, Maine, Oklahoma, and Vermont. Upon discovery of this activity, AJLA–TS immediately intervened and deployed its technical team to assess and stop the incursion, disabling the hacker’s access to the AJL systems.

AJLA–TS is working diligently with law enforcement officials to identify and apprehend the perpetrator. An independent forensic firm is completing work to determine how many job seeker accounts may have been viewed and where those individuals are located. The firm has verified that the method of the hacker’s attack has been remediated and is no longer a threat to the AJLA–TS system.

FAQs

Q: What happened?

On February 20, 2017, a hacker created a job seeker account in an America’s JobLink (AJL) system. The hacker then exploited a misconfiguration in the application code to gain unauthorized access to certain information of other job seekers. This misconfiguration has since been eliminated.

America’s Job Link Alliance–Technical Support (AJLA–TS) first noticed unusual activity in AJL via system error messages on March 12. AJLA–TS immediately notified law enforcement, retained an independent forensic firm to investigate the cause and scope of the activity, and fixed the misconfiguration.

Q: What personally identifiable information was the hacker able to see?

The personally identifiable information included users’ names, dates of birth, and Social Security numbers.

Q: Which states were affected?

The hacker was found to have activity in the AJL systems of ten states: Alabama, Arkansas, Arizona, Delaware, Idaho, Illinois, Kansas, Maine, Oklahoma, and Vermont.

Q: Is the JobLink site now safe to use?

The code misconfiguration was identified and eliminated on March 14 and no longer poses a threat to the AJL systems.

Q: Is law enforcement involved?

Yes. AJLA–TS contacted law enforcement immediately and is currently working with the FBI to identify and apprehend the hacker.

Q: How did this happen?

The code misconfiguration was introduced in an AJL system update in October 2016.

Q: Does the hacker pose a threat to the ReportLink or CertLink users?

No. The code misconfiguration did not pose a threat to the ReportLink or CertLink systems and users.

Q: Why do you need Social Security numbers in the first place?

The federal government requires that we ask for your Social Security number. As the AJL system indicates, however, you are not required to provide it.

Q: How long is data kept in the AJL system?

Data is retained unless requested to be deleted. This is to facilitate federal reporting and UI eligibility requirements.

Q: Can my data be removed from the system?

Yes. Please contact your state-specific AJL help desk for assistance.

Q: I’ve read news stories online about a virus. Was a virus involved?

No. This incident did not involve a virus or any other form of malware.

Q: If AJLA–TS knew about this incident on March 12, why am I only learning about this now?

Notifying potentially affected individuals has been a top priority since AJLA–TS discovered that the error messages we were receiving were due to malicious activity and not a technical issue. Before releasing a public announcement, however, it was important that AJLA–TS identify the misconfiguration and eliminate it from the system. The forensic firm’s analysis required the review of a significant amount of system data. This analysis was needed to confirm that the hacker had actually accessed individuals’ information, so as not to unnecessarily alarm affected individuals. Finally, it was critically important that any announcement not interfere with law enforcement’s investigation.

Q: When will I be notified if my account was breached?

If you have a valid email address on file and your account was impacted by the incident, you will likely be notified by email within five to 10 business days from March 24, 2017.

Q: Do you suspect that my information has been used fraudulently?

We do not have any evidence that your information was actually misused, but we take our obligation to protect your information seriously and wanted to ensure that you received notification as soon as possible.

Q: I am unable to retrieve my user name and password to see if I entered my SSN / My account has been locked/disabled.

Enter your Social Security number. If you are not comfortable with this or if you do not recall if you chose to use a pseudo-SSN, enter 0 and click Continue.

Enter your email address associated with the account. If the email address you enter is not associated with an account or if you do not know what email address you used when you created the account, enter 0 and click Continue.

Enter the phone number (without parentheses or dashes) associated with the account. If the phone number you enter is not associated with an account or if you do not know what phone number you used when you created the account, enter 0 and click Continue.

Enter the answer to your security question. If you do not recall the answer to your security question, enter 0 and click Continue. A screen will display with contact information to contact your state’s help desk.

To retrieve your password:

Enter your username. Click Continue.

Enter the answer to your security question. Click Continue.

If you answer the question correctly, you will be prompted to enter a new password.

If you cannot answer your security question correctly, you will be prompted to Start Again. If you are still unable to correctly answer your security question, contact your local workforce center for assistance. To find this contact information, go to the JobLink homepage and click Contact Us.

If you receive a message that your account has been disabled, contact your local workforce center for assistance.

Q: Does the data incident cover a specific period of time? (e.g., I used the system in 2004. Has my data been breached?)

Job seeker accounts created prior to March 14, 2017 are potentially affected. If you have a valid email address on file, you will likely be notified by email if your specific account was impacted during the incident within five to 10 business days from March 24, 2017.

Q: I have been receiving unwanted phone calls/text messages from recruiters. Is this related?

If you are receiving unwanted phone calls, text messages, or emails from recruiters, it is unlikely that it is related to the security breach. Phone numbers and email addresses were not compromised.

While there is no indication that your information has been misused in any way, we recommend that all potentially impacted individuals take the following steps to safeguard their personal information:

If you discover errors or suspicious activity on your credit card account, you should immediately contact the credit card company. Confirm the address they have on file for you is your current address, and that all charges on the account are legitimate.

To obtain an annual free copy of your credit reports, visit www.annualcreditreport.com or call 877.322.8228. Review your credit reports carefully for inquiries from companies you did not contact, accounts you did not open, or debts on your accounts that you do not recognize. Also make sure to verify the accuracy of your Social Security number, address(es), complete name, and employer(s) information. If information on a report is incorrect, notify the credit bureau directly using the telephone number on the report. You can reach the credit reporting agencies at:

Placing a fraud alert or security freeze on your credit file – Credit bureaus have tools you can use to protect your credit, including fraud alerts and security freezes.

A fraud alert is a cautionary flag, which is placed on your credit file to notify lenders and others that they should take special precautions to ensure your identity before extending credit. Although this may cause some short delay if you are the one applying for credit, it might protect against someone else obtaining credit in your name. Call any one of the three credit reporting agencies at the numbers below to place fraud alerts with all three of the agencies:

Equifax: 888.766.0008

Experian: 888.397.3742

TransUnion: 800.680.7289

A security freeze is a more dramatic step that will prevent lenders and others from accessing your credit report entirely, which will prevent them from extending credit. With a security freeze in place, even you will need to take special steps when applying for credit. A security freeze may delay, interfere with, or prevent the timely approval of any requests you make for new loans, credit, mortgages, employment, housing or other services. You must contact each credit agency separately to order a security freeze. You can obtain more information by visiting the credit bureaus at the following addresses:

Reporting suspicious activity – If you believe you are the victim of fraud or identity theft, file a police report and get a copy of the report to submit to your creditors and others that may require proof of a crime to clear up your records. The report may also provide you with access to services that are free to identity theft victims.

Q: Who can I contact with additional questions?

You may contact the AJLA Response Center with additional questions about the incident at 844.469.3939. The Response Center's hours are 8 am CDT until 8 pm CDT Monday through Friday. The Response Center can also assist you with determining your eligibility for credit monitoring as part of this incident.